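---
# task/configure file for renew_vault_certificates
#
# Renders the Vault configuration, the certificate and key templates, and the
# vault-certs systemd unit onto the target host.

- name: "Configure files for vault certificate renewal"
  # Handlers listed on the block apply to the tasks inside it.
  notify:
    - "systemctl-enable-vault-certs"
    - "systemctl-restart-vault-certs"
  block:
    # Configuration and templates are owned by the Vault service account and
    # are not readable by group or others ('0600').
    - name: "Copy vault_config.hcl template"
      ansible.builtin.template:
        src: vault_config.hcl.j2
        dest: "{{ renew_vault_certificates_config_dir }}/vault_config.hcl"
        owner: "{{ renew_vault_certificates_vault_user }}"
        group: "{{ renew_vault_certificates_vault_group }}"
        mode: '0600'

    # NOTE(review): no task here creates the templates/ directory; presumably
    # it is created elsewhere in the role with restrictive permissions.
    # Confirm.
    - name: "Copy vault_cert.pem.tpl template"
      ansible.builtin.template:
        src: vault_cert.pem.tpl.j2
        dest: "{{ renew_vault_certificates_config_dir }}/templates/vault_cert.pem.tpl"
        owner: "{{ renew_vault_certificates_vault_user }}"
        group: "{{ renew_vault_certificates_vault_group }}"
        mode: '0600'

    # Task name corrected to match the file it installs (vault_key.pem.tpl).
    # NOTE(review): the mode below protects only this template file; the
    # permissions of the rendered private key are presumably set by whatever
    # consumes the template. Verify that the rendered key is not group- or
    # world-readable.
    - name: "Copy vault_key.pem.tpl template"
      ansible.builtin.template:
        src: vault_key.pem.tpl.j2
        dest: "{{ renew_vault_certificates_config_dir }}/templates/vault_key.pem.tpl"
        owner: "{{ renew_vault_certificates_vault_user }}"
        group: "{{ renew_vault_certificates_vault_group }}"
        mode: '0600'

    # The unit file is root-owned and world-readable ('0644'), so it should
    # carry no secrets.
    # NOTE(review): indentation was lost in the rendered source; this task is
    # assumed to belong to the block. Confirm against the repository.
    # NOTE(review): this task sets its own notify. Confirm whether that
    # replaces or extends the block-level handlers, so that a unit-file change
    # still enables and restarts the service if that is intended.
    - name: "Configure vault-certs systemd service"
      ansible.builtin.template:
        src: vault-certs.service.j2
        dest: /etc/systemd/system/vault-certs.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - "systemctl-daemon-reload"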